diff --git a/README.md b/README.md
index 48c2af6d..4e486ce8 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # sre-tools
-To use `sre-seal` and `sre-secrets`, you'll need `kubectl` configured with existing `dev2` and `prod2` contexts. [kubeseal](https://github.com/bitnami-labs/sealed-secrets) is also required for generating secrets.
+To use `sre-seal` and `sre-secrets`, you'll need `kubectl` configured with existing `dev` and `prod` contexts. [kubeseal](https://github.com/bitnami-labs/sealed-secrets) is also required for generating secrets.
 | Tool | Usage |
 | -------------------------------------------------- | --------------------------------------- |
@@ -8,4 +8,4 @@ To use `sre-seal` and `sre-secrets`, you'll need `kubectl` configured with exist
 | [sre-secrets](./packages/sre-secrets) | Create all sealed secrets files at once |
 | [azure-db](./packages/azure-db) | Create/Drop databases and users |
 | [k8strip](./packages/k8strip) | Strip sensitive data from k8s manifests |
-| [WebSeal](https://socialgouv.github.io/sre-tools/) | Online sealed-secrets generator |
+| [WebSeal](https://socialgouv.github.io/sre-tools/) | Online sealed-secrets generator |
diff --git a/packages/azure-db/README.md b/packages/azure-db/README.md
index f51a3d20..a847c805 100644
--- a/packages/azure-db/README.md
+++ b/packages/azure-db/README.md
@@ -17,7 +17,7 @@ Commands:
 azure-db drop-autodevops-dbs destroy all generated databases
 Options:
- --cluster k8s cluster [required] [choices: "prod2", "dev2"]
+ --cluster k8s cluster [required] [choices: "prod", "dev"]
 --application gitlab application name [required]
 --database database name
 --user user name
@@ -32,7 +32,7 @@ Options:
 azure-db create --application sample-next-app
 # Create a database in PROD
-azure-db create --cluster prod2 --application sample-next-app --database demo42 --user demo42
+azure-db create --cluster prod --application sample-next-app --database demo42 --user demo42
 # Destroy a database in DEV
 azure-db drop --application sample-next-app --database demo42 --user demo42
diff --git a/packages/azure-db/bin/index.js b/packages/azure-db/bin/index.js
index 5f6fa888..abbba24d 100755
--- a/packages/azure-db/bin/index.js
+++ b/packages/azure-db/bin/index.js
@@ -23,8 +23,8 @@ const getDetaultYargs = () =>
 yargs
 .nargs("cluster", 1)
 .describe("cluster", "k8s cluster")
- .choices("cluster", ["prod2", "dev2"])
- .default("cluster", "dev2")
+ .choices("cluster", ["prod", "dev"])
+ .default("cluster", "dev")
 .nargs("application", 1)
 .describe("application", "gitlab application name")
 .nargs("database", 1)
@@ -66,10 +66,10 @@ const args = yargs
 "You must provide a valid command : create, drop or drop-autodevops-dbs"
 );
 }
- if (argv._[0] === "drop" && argv.cluster === "prod2") {
+ if (argv._[0] === "drop" && argv.cluster === "prod") {
 throw new Error("One cannot drop PROD databases :)");
 }
- if (argv._[0] === "drop-autodevops-dbs" && argv.cluster === "prod2") {
+ if (argv._[0] === "drop-autodevops-dbs" && argv.cluster === "prod") {
 throw new Error("One cannot drop PROD databases :)");
 }
 return true;
@@ -92,7 +92,7 @@ const run = async () => {
 });
 const dbHost = getPgServerHostname(
 argv.pgName || argv.application,
- argv.cluster === "prod2" ? "prod" : "dev"
+ argv.cluster === "prod" ? "prod" : "dev"
 );
 console.log(
 `Created create-db job in namespace ${namespace} on cluster ${argv.cluster}`
diff --git a/packages/sre-seal/README.md b/packages/sre-seal/README.md
index c1f4a2cf..50fbcf9a 100644
--- a/packages/sre-seal/README.md
+++ b/packages/sre-seal/README.md
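Review bot: In packages/azure-db/bin/index.js the two guards that refuse `drop` and `drop-autodevops-dbs` on production (second hunk) each compare `argv.cluster` with their own `"prod"` literal, so a later rename that misses one of them would silently disable the only visible check protecting PROD databases. Folding them into one test against a shared constant keeps the guard in a single place: `if (["drop", "drop-autodevops-dbs"].includes(argv._[0]) && argv.cluster === PROD_CLUSTER) {`, with `const PROD_CLUSTER = "prod";` declared next to the `.choices("cluster", ...)` list. In the third hunk, `argv.cluster === "prod" ? "prod" : "dev"` is now an identity mapping if every command goes through those choices, so passing `argv.cluster` directly would read more clearly. The `.check` callback and `run` both begin and end outside these hunks.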
@@ -12,7 +12,7 @@ Usage: sre-seal [options]
 Options:
 --namespace k8s namespace (optional in dev) [default: null]
 --name k8s secret name (optional in dev) [default: "some-secret-name"]
- --context k8s context [default: "dev2"]
+ --context k8s context [default: "dev"]
 --from path to existing seal file
 ```
@@ -26,7 +26,7 @@ cat values.yml | sre-seal > sealed.yml
 echo "PASSWORD=pouet" | sre-seal > sealed.yml
 # Prod secrets have mandatories namespace and secret name
-cat values.yml | sre-seal --context prod2 --namespace project --name secret-name > sealed.yml
+cat values.yml | sre-seal --context prod --namespace project --name secret-name > sealed.yml
 # Add new secret to some existing secret file with `--from`
 echo "PASSWORD=pouet" | sre-seal --from current-seal.yml > sealed.yml
@@ -42,7 +42,7 @@ const { cryptFromSecrets } = require("@socialgouv/sre-seal");
 cryptFromSecrets({
 name: "some-secret-name",
 //namespace: "cdtn-admin",
- context: "dev2", // or prod2 with namespace
+ context: "dev", // or prod with namespace
 secrets: {
 PGRST_JWT_SECRET: "FyH2ETW8zulPobZ9j6wr3jWM5OtsK2zR84NLBIb0",
 KIKOO: "Bjd9ddeR84NLBIb0",
diff --git a/packages/sre-seal/bin/index.js b/packages/sre-seal/bin/index.js
index 8afc5366..8563dbf5 100755
--- a/packages/sre-seal/bin/index.js
+++ b/packages/sre-seal/bin/index.js
@@ -36,14 +36,14 @@ const args = yargs
 // context
 .nargs("context", 1)
 .describe("context", "k8s context")
- .default("context", "dev2")
+ .default("context", "dev")
 // use existing seal file
 .nargs("from", 1)
 .describe("from", "path to existing seal file")
 // checks
 .check((argv, options) => {
- if (argv.context === "prod2" && (!argv.namespace || !argv.name)) {
- throw new Error("--name and --namespace are mandatory for prod2");
+ if (argv.context === "prod" && (!argv.namespace || !argv.name)) {
+ throw new Error("--name and --namespace are mandatory for prod");
 return false;
 }
 if (argv._ && argv._.length === 0) {
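Review bot: `--context` in packages/sre-seal/bin/index.js still accepts any string, and the `.check` guard fires only on an exact match with `"prod"`, so a script that keeps passing the old `prod2` value now skips the mandatory `--name`/`--namespace` check instead of failing. The same exact-match test selects the scope in crypt.js (`if (context === "prod")`, with every other value taking the `else` branch whose body is outside the hunk) and in cryptFromSecrets.js (`context === "prod" ? {} : clusterWideAnnotations`), where any other value receives the cluster-wide annotations. Adding `.choices("context", ["prod", "dev"])` after the `.default("context", "dev")` line, as azure-db does for `--cluster`, would reject stale or mistyped contexts up front. Library callers of `cryptFromSecrets` bypass yargs and would still need their own validation. The yargs chain continues outside this hunk.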
diff --git a/packages/sre-seal/src/crypt.js b/packages/sre-seal/src/crypt.js
index 05798afb..389a316a 100644
--- a/packages/sre-seal/src/crypt.js
+++ b/packages/sre-seal/src/crypt.js
@@ -3,14 +3,14 @@ const execa = require("execa");
 const flatify = (arr) => arr.flatMap((a, c) => a);
 const sealedSecretsUrls = {
- prod2: "https://kubeseal.prod2.fabrique.social.gouv.fr/v1/cert.pem",
- dev2: "https://kubeseal.dev2.fabrique.social.gouv.fr/v1/cert.pem",
+ prod: "https://kubeseal.prod2.fabrique.social.gouv.fr/v1/cert.pem",
+ dev: "https://kubeseal.dev2.fabrique.social.gouv.fr/v1/cert.pem",
 };
 // build kubeseal args and execute kubeseal
 const crypt = async ({ context, namespace, name, input }) => {
 const args = [["--raw", "--context", context]];
- if (context === "prod2") {
+ if (context === "prod") {
 args.push(["--name", name]);
 args.push(["--namespace", namespace]);
 } else {
diff --git a/packages/sre-seal/src/cryptFromSecrets.js b/packages/sre-seal/src/cryptFromSecrets.js
index a2c18cca..024c3742 100644
--- a/packages/sre-seal/src/cryptFromSecrets.js
+++ b/packages/sre-seal/src/cryptFromSecrets.js
@@ -17,7 +17,7 @@ const cryptFromSecrets = ({ context, namespace, name, secrets }) =>
 }).then((value) => ({ key, value }))
 )
 ).then((encrypteds) => {
- const annotations = context === "prod2" ? {} : clusterWideAnnotations;
+ const annotations = context === "prod" ? {} : clusterWideAnnotations;
 return createSealedSecret({
 namespace,
 name,
diff --git a/packages/sre-secrets/__tests__/__snapshots__/index.ts.snap b/packages/sre-secrets/__tests__/__snapshots__/index.ts.snap
index 1011433e..ad3d43ec 100644
--- a/packages/sre-secrets/__tests__/__snapshots__/index.ts.snap
+++ b/packages/sre-secrets/__tests__/__snapshots__/index.ts.snap
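Review bot: In packages/sre-seal/src/crypt.js the renamed keys `prod` and `dev` of `sealedSecretsUrls` still point at the `kubeseal.prod2...` and `kubeseal.dev2...` hosts, and nothing in the hunk says whether that is intentional. These URLs serve the sealing certificate, so a later "cleanup" that edits the hostnames to match the keys could seal secrets against the wrong cluster's certificate or break sealing altogether. If the hostnames are meant to keep their suffix, a comment above the map would record it, for example `// context names are prod/dev; the cluster hostnames keep their prod2/dev2 suffix`. The code that reads `sealedSecretsUrls` is outside the hunk, so what happens for a context with no entry cannot be judged from here.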
@@ -29,35 +29,6 @@ Object { } `; -exports[`Test sealed secrets generation Check preprod snapshot 1`] = ` -Object { - "apiVersion": "bitnami.com/v1alpha1", - "kind": "SealedSecret", - "metadata": Object { - "annotations": Object { - "sealedsecrets.bitnami.com/cluster-wide": "true", - }, - "name": "app-sealed-secret", - "namespace": "my-app-namespace", - }, - "spec": Object { - "encryptedData": Object { - "tata": Any, - "toto": Any, - }, - "template": Object { - "metadata": Object { - "annotations": Object { - "sealedsecrets.bitnami.com/cluster-wide": "true", - }, - "name": "app-sealed-secret", - }, - "type": "Opaque", - }, - }, -} -`; - exports[`Test sealed secrets generation Check prod snapshot 1`] = ` Object { "apiVersion": "bitnami.com/v1alpha1", diff --git a/packages/sre-secrets/__tests__/data/.secrets.yaml b/packages/sre-secrets/__tests__/data/.secrets.yaml index eaca30de..bd0b0e61 100644 --- a/packages/sre-secrets/__tests__/data/.secrets.yaml +++ b/packages/sre-secrets/__tests__/data/.secrets.yaml @@ -6,10 +6,6 @@ services: secrets: # List of secrets to seal toto: "titi" tata: "tutu" - preprod: - secrets: - toto: "titi" - tata: "tutu" prod: fileName: "app-prod" secretsName: "app-prod-sealed-secret" diff --git a/packages/sre-secrets/__tests__/index.ts b/packages/sre-secrets/__tests__/index.ts index 1aaed694..aaeae51d 100644 --- a/packages/sre-secrets/__tests__/index.ts +++ b/packages/sre-secrets/__tests__/index.ts @@ -35,12 +35,6 @@ describe("Test sealed secrets generation", () => { expect(content).toMatchSnapshot(matchers); }); - test("Check preprod snapshot", () => { - const path = `${folderPath}/environments/preprod/app.sealed-secret.yaml`; - const content = load(readFileSync(path, "utf8")); - expect(content).toMatchSnapshot(matchers); - }); - test("Check prod snapshot", () => { const path = `${folderPath}/environments/prod/app-prod.sealed-secret.yaml`; const content = load(readFileSync(path, "utf8")); 
diff --git a/packages/sre-secrets/src/environments.ts b/packages/sre-secrets/src/environments.ts
index 641c35e3..95a570b8 100644
--- a/packages/sre-secrets/src/environments.ts
+++ b/packages/sre-secrets/src/environments.ts
@@ -16,10 +16,9 @@ const processEnvironment =
 environmentName: string,
 { fileName, secretsName, secrets }: ServiceEnvironment
 ) => {
- const context = environmentName === "prod" ? "prod2" : "dev2";
 const name = secretsName ?? `${serviceName}-${baseName}`;
 const sealed = await cryptFromSecrets({
- context,
+ context: environmentName,
 name,
 namespace,
 secrets,
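Review bot: `context: environmentName` now forwards whatever environment key the secrets file declares, whereas the removed line mapped every non-prod name to a dev context. An environment such as the `preprod` entry this commit drops from the test data would reach `cryptFromSecrets` as a context name, and the comparison visible in cryptFromSecrets.js (`context === "prod"`) would treat it as non-prod and apply the cluster-wide annotations. Rejecting unknown names before sealing makes that failure explicit: `if (environmentName !== "prod" && environmentName !== "dev") throw new Error("Unknown environment: " + environmentName);`. Narrowing the parameter type from `string` to `"dev" | "prod"` would let the compiler catch the same mistake. processEnvironment starts before and continues after this hunk.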